Deep dives into software architecture, cloud infrastructure, and scalable system design.
Two days ago we put a paste box on the open internet. Type a shell command, hit Evaluate, get a verdict — BLOCK, AUDIT, or ALLOW. Same on a second tab for MCP tool calls: tool name, JSON-style args, evaluate, verdict.
A real bypass, a new analyzer layer, and the design pattern behind it.
When the agent knows it's being watched — detecting eval-aware code patterns before they ship.
I've been watching AI write code for two years now. And I've noticed something that nobody talks about enough: the model is almost never the bottleneck. The context is.
Last week I sat down to write a single rule — block an AI agent from reading ~/.cache/op/, the 1Password CLI v2 session cache. A junior security person would look at the ticket and think: "one file, one regex, an afternoon."
Seven days later I had shipped twenty.
